Inter-blockchain protocols with the Isabelle Infrastructure framework

The main incentives of blockchain technology are distribution and distributed change, consistency, and consensus. Beyond just being a distributed ledger for digital currency, smart contracts add transaction protocols to blockchains to execute terms of a contract in a blockchain network. Inter-blockchain (IBC) protocols define and control exchanges between different blockchains. The Isabelle Infrastructure framework has been designed to serve security and privacy for IoT architectures by formal specification and stepwise attack analysis and refinement. A major case study of this framework is a distributed health care scenario for data consistency for GDPR compliance. This application led to the development of an abstract system specification of blockchains for IoT infrastructures. In this paper, we first give a summary of the concept of IBC. We then introduce an instantiation of the Isabelle Infrastructure framework to model blockchains. Based on this we extend this model to instantiate different blockchains and formalize IBC protocols. We prove the concept by defining the generic property of global consistency and prove it in Isabelle

A criterion for separating process calculi

We introduce a new criterion, replacement freeness, to discern the relative expressiveness of process calculi. Intuitively, a calculus is strongly replacement free if replacing, within an enclosing context, a process that cannot perform any visible action by an arbitrary process never inhibits the capability of the resulting process to perform a visible action. We prove that there exists no compositional and interaction sensitive encoding of a not strongly replacement free calculus into any strongly replacement free one. We then define a weaker version of replacement freeness, by only considering replacement of closed processes, and prove that, if we additionally require the encoding to preserve name independence, it is not even possible to encode a non replacement free calculus into a weakly replacement free one. As a consequence of our encodability results, we get that many calculi equipped with priority are not replacement free and hence are not encodable into mainstream calculi like CCS and pi-calculus, that instead are strongly replacement free. We also prove that variants of pi-calculus with match among names, pattern matching or polyadic synchronization are only weakly replacement free, hence they are separated both from process calculi with priority and from mainstream calculi.Comment: In Proceedings EXPRESS'10, arXiv:1011.601

On Process-Algebraic Proof Methods for Fault Tolerant Distributed Systems

Abstract. Distributed Algorithms are hard to prove correct. In settings with process failures, things get worse. Among the proof methods proposed in this context, we focus on process calculi, which offer a tight connection of proof concepts to the actual code representing the algorithm. We use Distributed Consensus as a case study to evaluate recent developments in this field. Along the way, we find that the classical assertional style for proofs on distributed algorithms can be used to structure bisimulation relations. For this, we propose the definition of uniform syntactic descriptions of reachable states, on which state-based assertions can be conveniently formulated. As a result, we get the best of both worlds: on the one hand invariant-style representation of proof knowledge; on the other hand the bisimulation-based formal connection to the code

On Bisimilarity and Substitution in Presence of Replication

International audienceWe prove a new congruence result for the pi-calculus: bisimilarity is a congruence in the sub-calculus that does not include restriction nor sum, and features top-level replications. Our proof relies on algebraic properties of replication, and on a new syntactic characterisation of bisimilarity. We obtain this characterisation using a rewriting system rather than a purely equational axiomatisation. We then deduce substitution closure, and hence, congruence. Whether bisimilarity is a congruence when replications are unrestricted remains open

On the relative expressiveness of higher-order session processes

By integrating constructs from the λ-calculus and the π-calculus, in higher-order process calculi exchanged values may contain processes. This paper studies the relative expressiveness of HOπ, the higher-order π-calculus in which communications are governed by session types. Our main discovery is that HO, a subcalculus of HOπ which lacks name-passing and recursion, can serve as a new core calculus for session-typed higher-order concurrency. By exploring a new bisimulation for HO, we show that HO can encode HOπ fully abstractly (up to typed contextual equivalence) more precisely and efficiently than the first-order session π-calculus (π). Overall, under session types, HOπ, HO, and π are equally expressive; however, HOπ and HO are more tightly related than HOπ and π

Operational flood management under large-scale extreme conditions, using the example of the Middle Elbe

In addition to precautionary or technical flood protection measures, short-term strategies of the operational management, i.e. the initiation and co-ordination of preventive measures during and/or before a flood event are crucially for the reduction of the flood damages. This applies especially for extreme flood events. These events are rare, but may cause a protection measure to be overtopped or even to fail and be destroyed. In such extreme cases, reliable decisions must be made and emergency measures need to be carried out to prevent even larger damages from occurring. <br><br> Based on improved methods for meteorological and hydrological modelling a range of (physically based) extreme flood scenarios can be derived from historical events by modification of air temperature and humidity, shifting of weather fields and recombination of flood relevant event characteristics. By coupling the large scale models with hydraulic and geotechnical models, the whole flood-process-chain can be analysed right down to the local scale. With the developed GIS-based tools for hydraulic modelling <i>FlowGIS</i> and the Dike-Information-System, (IS-dikes) it is possible to quantify the endangering shortly before or even during a flood event, so the decision makers can evaluate possible options for action in operational mode

On Synchronous and Asynchronous Interaction in Distributed Systems

When considering distributed systems, it is a central issue how to deal with interactions between components. In this paper, we investigate the paradigms of synchronous and asynchronous interaction in the context of distributed systems. We investigate to what extent or under which conditions synchronous interaction is a valid concept for specification and implementation of such systems. We choose Petri nets as our system model and consider different notions of distribution by associating locations to elements of nets. First, we investigate the concept of simultaneity which is inherent in the semantics of Petri nets when transitions have multiple input places. We assume that tokens may only be taken instantaneously by transitions on the same location. We exhibit a hierarchy of `asynchronous' Petri net classes by different assumptions on possible distributions. Alternatively, we assume that the synchronisations specified in a Petri net are crucial system properties. Hence transitions and their preplaces may no longer placed on separate locations. We then answer the question which systems may be implemented in a distributed way without restricting concurrency, assuming that locations are inherently sequential. It turns out that in both settings we find semi-structural properties of Petri nets describing exactly the problematic situations for interactions in distributed systems.Comment: 26 pages. An extended abstract of this paper appeared in Proceedings 33rd International Symposium on Mathematical Foundations of Computer Science (MFCS 2008), Torun, Poland, August 2008 (E. Ochmanski & J. Tyszkiewicz, eds.), LNCS 5162, Springer, 2008, pp. 16-3